03-20-2005, 05:02 AM   #3
vowelsgoddess
OS: XP


second hijackthis log

Thanks for answering me so quickly. Thanks again for your help.

To answer your first question, when I ran another Trendmicro scan after doing everything you said in your answer, it found only one infected file called EXPL IFRAMEBOA, and it was categorized as non-cleanable. But I could delete it. Here's the location of that file:
C:\Documents and Settings\Elise Haultecoeur\Local Settings\Temporary Internet Files\Content IE5\X3FJTXKE\205-2[1].html
It seems that the 2 infected files that the scan couldn't access have disappeared.
Besides that, my antivirus Avast keeps finding several viruses and worms. They are called WIN32: Trojan-gen, WIN32: Srch Assist (Adw) and WIN32: Trojano-874[trj].
Their directories are:
C:\Documents and Settings\Elise Haultecoeur\Local Settings\Temporary Internet Files\Content IE5\ANCVKZEB\optimize[1].exe
C:\Documents and Settings\Elise Haultecoeur\Local Settings\Temporary Internet Files\Content IE5\ANCVKZEB\saap[1].exe
C:\Documents and Settings\Elise Haultecoeur\Local Settings\Temporary Internet Files\Content IE5\X3FJTXKE\nem220[1].dll
C:\Documents and Settings\Elise Haultecoeur\Local Settings\Temporary Internet Files\Content IE5\Y15UBYD4\loader2[1].ocx



Below you will find the result.txt log I got after running KRC HijackThis Analyzer:


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 11:25:22, on 20/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\Documents and Settings\Elise Haultecoeur\Mes documents\Mes logiciels\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/f...en/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-be\msnappau.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\350 CW Mouse Cardreader Wireless\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\fullgames.exe -N
O4 - HKCU\..\Run: [VideoCall] "C:\Program Files\Logitech\VideoCall\VideoCall.exe" -minimized
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binarie...1023_EN_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game14.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binarie...lv32_EN_XP.cab
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} - http://access.gamesplayground.com/ou.../fullgames.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe


End of KRC HijackThis Analyzer Log.
====================================================================